Basic Guide to PGP On Linux

Full credit goes to MLP_is_my_OPSEC for writing this tutorial – Thanks for publishing and giving us your permission to post it!

Part 0 – Introduction

I promised it, and here it is! The PGP guide for Linux! Great timing too for Moronic Monday. For this guide we’ll be using GnuPG with Gnu Privacy Assistant as a graphical front-end. We will be using CLI to install these two pieces of software, and creating the keypair. The example OS in question is Linux Mint, so the commands for install may differ from your current OS. Don’t fret though! That’s the only part that may not be relevant to your OS, the rest of the guide will be the same across distros.

Here comes the fun part. It’s going to generate your key, and will ask you to do some random stuff to create entropy. I like to have a Youtube video going with a torrent running in the background, while randomly mashing keys in a text editor. See the picture for an example of what will be output in the terminal

annnddddd we’re done!

Part 3 – Obtaining your public key

So we’ve installed the software, generated our super secure keypair. Now what? Well if you want to actually use it we need to obtain our public key. Everything from here will be done through the graphical front-end.

Click on the keypair you just created, click ‘Keys’ up at the top, then ‘Export keys…’

Select where you want it saved, enter a filename, and click ‘Save’

Browse to the location in your file manager, open up that file with a text editor

There’s your public key! Don’t forget to put this on your market profile so people can contact you easier.

Part 4 – Obtaining your private key

If you ever want to switch operating systems or PGP programs, you’ll need to do this. It’s just as easy as obtaining your public key. Make sure you keep this file safe!

Hopefully you still have GPA open. If not, follow step #1 of Part 3

Click on your keypair, click ‘Keys’ up at the top then ‘Backup’

Select where you want it saved, keep the filename it gives you, and click ‘Save’

A window will pop up, you can back up to a floppy if you’re stuck in the ’80s

Remember to keep this file safe! Don’t forget your passphrase!

Part 5 – Importing a public key

So you want to buy some dank marijuanas, you’ll need to encrypt your message unless you want LE kicking down your door and putting a boot to your throat. How is this done? Easy!

Obtain the recipients public key, which can hopefully be found on their profile

Copy everything, paste into a text editor, save it somewhere

Up at the top, click ‘Keys’, then ‘Import key…’

Select the key, then click ‘Open’. You’ll see this window

We’re done!

I used some random key found on DDG. Thanks Alan!

Part 6 – Importing a private key

You finally realized that Microsoft/Apple is spying on you, and want to switch to an operating system that respects your right to privacy. How do you bring your key over?

Up at the top, select ‘Keys’, then ‘Import Keys…’

Select your backup, it should have a file extension of .asc

This window will appear

Your key is now imported

I could do this blindfolded!

Part 7 – Encrypting a message

GPA makes this easy as pie. Seriously, if you still can’t do it after following the below steps you shouldn’t be here.

Click ‘Windows’ at the top, then ‘Clipboard’

This beautiful window will appear

Type in your message

Click the envelope with the blue key

Select the recipient of the message, sign it with your key if you want, then click ‘Ok’

Your encrypted message will now appear in the buffer. Copy everything and send this to the recipient

Part 8 – Decrypting a message

You sent your message, and the vendor responded! Now what? You’ll want to decrypt the message with your public key.

Copy everything the vendor sent you, paste it into the buffer

Click the envelope at the top with the yellow key

Enter your passphrase

Read your message

Part 9 – Conclusion

There we have it, an easy to follow PGP guide for Linux with pictures! PGP can be overwhelming at first, but with persistence and the willingness to learn anyone can do it. Hopefully this guide will keep you guys safe on the DNM! I’ll have an OS X guide coming soon, and possibly a Windows guide following that. Any and all constructive feedback is appreciated, as well as suggestions for other guides!

57 comments

Good to see a decent gpg tut instead of recommending a bad got client like gpg4win.
It is much better to use terminal to create a key instead of GPA, GPA wont create a 4096 key. but it is a good for key management and message editor, seahorse is also a good pgp client on Linux it will create a 4096 bit key with subkeys, gpg4win or kgpg doesn’t create subkeys with your private key so it’s pretty much useless unless you are hiding stuff on your kid sister.

i “second” that…
and…if i may….
‘steganography’ is, also, a good idea for hiding, say, an encrypted email….a tut’ on that would be good too….although i think its reasonably straight-forward, eh?!?
(uses the “IDEA” encryption algorithm i think, eh?)

There is subtitle in English and you can make full screen, to see subtitles. author created public and private keys and encrypted/decrypted file in Terminal and then encrypted message with password without gpg.

This works on Ubuntu (just did it). That is a typo on the author’s part. Remove his entire line of code (he uses a weirdly encoded dash there, so seriously, remove the whole thing) and type out: gpg –gen-key

“Type, without quotes, ‘sudo apt-get install gpa gnupg2’, then hit ‘enter’”….
My Fedora system doesn’t understand this command. I’m so confused…
‘Linux’ != ‘buntu!!!!!! You don’t even mention anywhere that this tutorial is only for Ubuntu-based systems.

Running Linux Mint 18 (debian based) I cannot seem to create a key: it tells me needs more bytes to create 4096 sized key, and I have created/done more computer activity, but its never enough. (Apparently the key’s randomization is based on extraneous PC activity, right? Well I can never seem to create enough activity.)

Suggestions? I am not new to the concept, just have never done this before. :)

Hi,
I tried all the steps but at ‘Part 8 – Decrypting a message’ when I click on the envelope with the key, it does not ask for the pass-phrase. Instead, Gnu Privacy Assistant card manager appears and shows an error message: “error accessing the card.”

I have noticed that when you decryption a message the passphrase is saved in GPA couple min so you can decryption other messages without the passphrase.
How do you change so the passphrase isn’t saved that long time?

I am pretty new to all that stuff and need your help.
I followed the instructions and managed to build a keypair. After doing so and finding out that it was quite simple I decided to redo the process to change the ID-Data like name and email-adress. I deleted the keypair and started over. But this time it did not generate a keypair but a single key. Now I wonder what went wrong. I deleted the secret key, tried again, same result. What should I do now?